Configure Sysdig Captures
Create a Capture File From an Alert
While configuring your alert in the Act section toggle on the Activate Sysdig Capture
| Parameter | Description |
|---|---|
| Storage | The storage location for the capture files. The default storage location is the Sysdig Cloud Amazon S3 bucket. To configure a custom S3 storage bucket, refer to Configure AWS Capture File Storage. |
| File Name | The name of the capture file. The default name includes the date and time stamp the capture was created. |
| Time frame | The period of time captured. The default time is 15 seconds; the maximum capture time available is 24 hours. The capture file size limit is 100MB. The capture time starts from the time the alert threshold was breached (it does not capture syscalls from before the alert was triggered) Note: Sysdig recommends using the default time to ensure captures are small and manageable. |
| Filter | Restricts the amount of trace information collected. For more information, including examples of available filters, refer to the Sysdig Github page. |
Create a Capture File Manually
To create a capture file:
From the Explore module, select a host or container.
Click the Key Page Action drop-down menu, and select
Sysdig Capture.
The Sysdig Capture pop-up window will open.
Define the following parameters, and click the Start Capture button:
| Parameter | Description |
|---|---|
| Storage | The storage location for the capture files. The default storage location is the Sysdig Cloud Amazon S3 bucket. To configure a custom S3 storage bucket, refer to Configure AWS Capture File Storage. |
| Capture path and name | The name of the capture file. The default name includes the date and time stamp the capture was created. |
| Time frame | The period of time captured. The default time is 15 seconds; the maximum capture time available is 24 hours. The capture file size limit is 100MB. Note: Sysdig recommends using the default time to ensure captures are small and manageable. |
| Filter | Restricts the amount of trace information collected. For more information, including examples of available filters, refer to the Sysdig Github page. |
The Sysdig agent will be signaled to start a capture, and send back the
resulting trace file. The file will then be displayed in the Captures
module.
Download a Capture File
To download a capture file:
From the
Capturesmodule, navigate to the target capture file.Select the target capture file.
Click the Download button. A capture file will be automatically downloaded to your local machine.
Delete Capture Files
To delete a single capture file:
From the
Capturesmodule, select the capture file to be deleted.Click the
Deletebutton at the bottom of theCapturesmodule:
On the Keep File prompt, click the
Deletebutton to confirm, or theKeep Filebutton to cancel.
To delete all capture files:
From the
Capturesmodule, click theDelete Allbutton:
Click the
Yes, Delete Capturesbutton to confirm, or the Cancel button.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.